Diffstat (limited to 'docs/docbook/faq')
-rw-r--r--  docs/docbook/faq/errors.xml    |  77
-rw-r--r--  docs/docbook/faq/features.xml  |  60
-rw-r--r--  docs/docbook/faq/general.xml   |   7
-rw-r--r--  docs/docbook/faq/install.xml   | 216
-rw-r--r--  docs/docbook/faq/sambafaq.xml  |   7
5 files changed, 3 insertions, 364 deletions
diff --git a/docs/docbook/faq/errors.xml b/docs/docbook/faq/errors.xml index 97619ce704..398286e3c9 100644 --- a/docs/docbook/faq/errors.xml +++ b/docs/docbook/faq/errors.xml @@ -45,7 +45,7 @@ SMB password encryption. <member>enable SMB password encryption in Samba. See the encryption part of the samba HOWTO Collection</member> -<member>disable this new behaviour in NT. See the section about +<member>disable this behaviour in NT. See the section about Windows NT in the chapter "Portability" of the samba HOWTO collection </member> </simplelist> 
@@ -98,79 +98,4 @@ before exporting it with Samba. </sect1> -<sect1> -<title>Why can users access home directories of other users?</title> - -<para> -<quote> -We are unable to keep individual users from mapping to any other user's -home directory once they have supplied a valid password! They only need -to enter their own password. I have not found *any* method that I can -use to configure samba to enforce that only a user may map their own -home directory. -</quote> -</para> - -<para><quote> -User xyzzy can map his home directory. Once mapped user xyzzy can also map -*anyone* elses home directory! -</quote></para> - -<para> -This is not a security flaw, it is by design. Samba allows -users to have *exactly* the same access to the UNIX filesystem -as they would if they were logged onto the UNIX box, except -that it only allows such views onto the file system as are -allowed by the defined shares. -</para> - -<para> -This means that if your UNIX home directories are set up -such that one user can happily cd into another users -directory and do an ls, the UNIX security solution is to -change the UNIX file permissions on the users home directories -such that the cd and ls would be denied. -</para> - -<para> -Samba tries very hard not to second guess the UNIX administrators -security policies, and trusts the UNIX admin to set -the policies and permissions he or she desires. -</para> - -<para> -Samba does allow the setup you require when you have set the -"only user = yes" option on the share, is that you have not set the -valid users list for the share. -</para> - -<para> -Note that only user works in conjunction with the users= list, -so to get the behavior you require, add the line : -<programlisting> -users = %S -</programlisting> -this is equivalent to: -<programlisting> -valid users = %S -</programlisting> -to the definition of the [homes] share, as recommended in -the smb.conf man page. 
-</para> - -</sect1> - -<sect1> -<title>Until a few minutes after samba has started, clients get the error "Domain Controller Unavailable"</title> -<para> -A domain controller has to announce on the network who it is. This usually takes a while. -</para> -</sect1> - -<sect1> -<title>I'm getting "open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested" in the logs</title> -<para>Your loopback device isn't working correctly. Make sure it's running. -</para> -</sect1> - </chapter> diff --git a/docs/docbook/faq/features.xml b/docs/docbook/faq/features.xml index 66b05379cc..72a8e9c97f 100644 --- a/docs/docbook/faq/features.xml +++ b/docs/docbook/faq/features.xml 
@@ -3,66 +3,6 @@ <title>Features</title> <sect1> -<title>How can I prevent my samba server from being used to distribute the Nimda worm?</title> - -<para>Author: HASEGAWA Yosuke (translated by <ulink url="monyo@samba.gr.jp">TAKAHASHI Motonobu</ulink>)</para> - -<para> -Nimba Worm is infected through shared disks on a network, as well as through -Microsoft IIS, Internet Explorer and mailer of Outlook series. -</para> - -<para> -At this time, the worm copies itself by the name *.nws and *.eml on -the shared disk, moreover, by the name of Riched20.dll in the folder -where *.doc file is included. -</para> - -<para> -To prevent infection through the shared disk offered by Samba, set -up as follows: -</para> - -<para> -<programlisting> -[global] - ... - # This can break Administration installations of Office2k. - # in that case, don't veto the riched20.dll - veto files = /*.eml/*.nws/riched20.dll/ -</programlisting> -</para> - -<para> -By setting the "veto files" parameter, matched files on the Samba -server are completely hidden from the clients and making it impossible -to access them at all. -</para> - -<para> -In addition to it, the following setting is also pointed out by the -samba-jp:09448 thread: when the -"readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on -a Samba server, it is visible only as "readme.txt" and dangerous -code may be executed if this file is double-clicked. -</para> - -<para> -Setting the following, -<programlisting> - veto files = /*.{*}/ -</programlisting> -any files having CLSID in its file extension will be inaccessible from any -clients. -</para> - -<para> -This technical article is created based on the discussion of -samba-jp:09448 and samba-jp:10900 threads. -</para> -</sect1> - -<sect1> <title>How can I use samba as a fax server?</title> <para>Contributor: <ulink url="mailto:zuber@berlin.snafu.de">Gerhard Zuber</ulink></para> 
diff --git a/docs/docbook/faq/general.xml b/docs/docbook/faq/general.xml index 54c620b382..df0d23ce02 100644 --- a/docs/docbook/faq/general.xml +++ b/docs/docbook/faq/general.xml @@ -2,13 +2,6 @@ <title>General Information</title> <sect1> -<title>Where can I get it?</title> -<para> -The Samba suite is available at the <ulink url="http://samba.org/">samba website</ulink>. -</para> -</sect1> - -<sect1> <title>What do the version numbers mean?</title> <para> It is not recommended that you run a version of Samba with the word diff --git a/docs/docbook/faq/install.xml b/docs/docbook/faq/install.xml index f8341dc65a..84b13f14d3 100644 --- a/docs/docbook/faq/install.xml +++ b/docs/docbook/faq/install.xml 
@@ -2,89 +2,6 @@ <title>Compiling and installing Samba on a Unix host</title> <sect1> -<title>I can't see the Samba server in any browse lists!</title> -<para> -See Browsing.html in the docs directory of the samba source -for more information on browsing. -</para> - -<para> -If your GUI client does not permit you to select non-browsable -servers, you may need to do so on the command line. For example, under -Lan Manager you might connect to the above service as disk drive M: -thusly: -<programlisting> - net use M: \\mary\fred -</programlisting> -The details of how to do this and the specific syntax varies from -client to client - check your client's documentation. -</para> -</sect1> - -<sect1> -<title>Some files that I KNOW are on the server don't show up when I view the files from my client!</title> -<para>See the next question.</para> -</sect1> - -<sect1> -<title>Some files on the server show up with really wierd filenames when I view the files from my client!</title> -<para> -If you check what files are not showing up, you will note that they -are files which contain upper case letters or which are otherwise not -DOS-compatible (ie, they are not legal DOS filenames for some reason). -</para> - -<para> -The Samba server can be configured either to ignore such files -completely, or to present them to the client in "mangled" form. If you -are not seeing the files at all, the Samba server has most likely been -configured to ignore them. Consult the man page smb.conf(5) for -details of how to change this - the parameter you need to set is -"mangled names = yes". -</para> -</sect1> - -<sect1> -<title>My client reports "cannot locate specified computer" or similar</title> -<para> -This indicates one of three things: You supplied an incorrect server -name, the underlying TCP/IP layer is not working correctly, or the -name you specified cannot be resolved. 
-</para> - -<para> -After carefully checking that the name you typed is the name you -should have typed, try doing things like pinging a host or telnetting -to somewhere on your network to see if TCP/IP is functioning OK. If it -is, the problem is most likely name resolution. -</para> - -<para> -If your client has a facility to do so, hardcode a mapping between the -hosts IP and the name you want to use. For example, with Lan Manager -or Windows for Workgroups you would put a suitable entry in the file -LMHOSTS. If this works, the problem is in the communication between -your client and the netbios name server. If it does not work, then -there is something fundamental wrong with your naming and the solution -is beyond the scope of this document. -</para> - -<para> -If you do not have any server on your subnet supplying netbios name -resolution, hardcoded mappings are your only option. If you DO have a -netbios name server running (such as the Samba suite's nmbd program), -the problem probably lies in the way it is set up. Refer to Section -Two of this FAQ for more ideas. -</para> - -<para> -By the way, remember to REMOVE the hardcoded mapping before further -tests :-) -</para> - -</sect1> - -<sect1> <title>My client reports "cannot locate specified share name" or similar</title> <para> This message indicates that your client CAN locate the specified 
@@ -108,106 +25,6 @@ to specify a service name correctly), read on: </sect1> <sect1> -<title>Printing doesn't work</title> -<para> -Make sure that the specified print command for the service you are -connecting to is correct and that it has a fully-qualified path (eg., -use "/usr/bin/lpr" rather than just "lpr"). -</para> - -<para> -Make sure that the spool directory specified for the service is -writable by the user connected to the service. In particular the user -"nobody" often has problems with printing, even if it worked with an -earlier version of Samba. Try creating another guest user other than -"nobody". -</para> - -<para> -Make sure that the user specified in the service is permitted to use -the printer. -</para> - -<para> -Check the debug log produced by smbd. Search for the printer name and -see if the log turns up any clues. Note that error messages to do with -a service ipc$ are meaningless - they relate to the way the client -attempts to retrieve status information when using the LANMAN1 -protocol. -</para> - -<para> -If using WfWg then you need to set the default protocol to TCP/IP, not -Netbeui. This is a WfWg bug. -</para> - -<para> -If using the Lanman1 protocol (the default) then try switching to -coreplus. Also not that print status error messages don't mean -printing won't work. The print status is received by a different -mechanism. -</para> -</sect1> - -<sect1> -<title>My client reports "This server is not configured to list shared resources"</title> -<para> -Your guest account is probably invalid for some reason. Samba uses the -guest account for browsing in smbd. Check that your guest account is -valid. -</para> - -<para>See also 'guest account' in smb.conf man page.</para> - -</sect1> - -<sect1> -<title>Log message "you appear to have a trapdoor uid system" </title> -<para> -This can have several causes. It might be because you are using a uid -or gid of 65535 or -1. This is a VERY bad idea, and is a big security -hole. 
Check carefully in your /etc/passwd file and make sure that no -user has uid 65535 or -1. Especially check the "nobody" user, as many -broken systems are shipped with nobody setup with a uid of 65535. -</para> - -<para>It might also mean that your OS has a trapdoor uid/gid system :-)</para> - -<para> -This means that once a process changes effective uid from root to -another user it can't go back to root. Unfortunately Samba relies on -being able to change effective uid from root to non-root and back -again to implement its security policy. If your OS has a trapdoor uid -system this won't work, and several things in Samba may break. Less -things will break if you use user or server level security instead of -the default share level security, but you may still strike -problems. -</para> - -<para> -The problems don't give rise to any security holes, so don't panic, -but it does mean some of Samba's capabilities will be unavailable. -In particular you will not be able to connect to the Samba server as -two different uids at once. This may happen if you try to print as a -"guest" while accessing a share as a normal user. It may also affect -your ability to list the available shares as this is normally done as -the guest user. -</para> - -<para> -Complain to your OS vendor and ask them to fix their system. -</para> - -<para> -Note: the reason why 65535 is a VERY bad choice of uid and gid is that -it casts to -1 as a uid, and the setreuid() system call ignores (with -no error) uid changes to -1. This means any daemon attempting to run -as uid 65535 will actually run as root. This is not good! -</para> - -</sect1> - -<sect1> <title>Why are my file's timestamps off by an hour, or by a few hours?</title> <para> This is from Paul Eggert eggert@twinsun.com. 
@@ -297,37 +114,4 @@ zones. </para> </sect1> -<sect1> -<title>How do I set the printer driver name correctly?</title> -<para>Question: -<quote> On NT, I opened "Printer Manager" and "Connect to Printer". - Enter ["\\ptdi270\ps1"] in the box of printer. I got the - following error message - </quote></para> - <para> - <programlisting> - You do not have sufficient access to your machine - to connect to the selected printer, since a driver - needs to be installed locally. - </programlisting> - </para> - - <para>Answer:</para> - - <para>In the more recent versions of Samba you can now set the "printer -driver" in smb.conf. This tells the client what driver to use. For -example:</para> -<para><programlisting> - printer driver = HP LaserJet 4L -</programlisting></para> -<para>With this, NT knows to use the right driver. You have to get this string -exactly right.</para> - -<para>To find the exact string to use, you need to get to the dialog box in -your client where you select which printer driver to install. The -correct strings for all the different printers are shown in a listbox -in that dialog box.</para> - -</sect1> - </chapter> diff --git a/docs/docbook/faq/sambafaq.xml b/docs/docbook/faq/sambafaq.xml index d5dc3ae40f..3c6fc85916 100644 --- a/docs/docbook/faq/sambafaq.xml +++ b/docs/docbook/faq/sambafaq.xml @@ -1,12 +1,11 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE book SYSTEM "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + <!ENTITY general SYSTEM "general.xml"> <!ENTITY install SYSTEM "install.xml"> <!ENTITY errors SYSTEM "errors.xml"> <!ENTITY clientapp SYSTEM "clientapp.xml"> <!ENTITY features SYSTEM "features.xml"> -<!ENTITY config SYSTEM "config.xml"> -<!ENTITY printing SYSTEM "printing.xml"> ]> <book id="Samba-FAQ"> 
@@ -34,9 +33,7 @@ and the old samba text documents which were mostly written by John Terpstra. &general; &install; -&config; &clientapp; &errors; &features; -&printing; </book> |
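
Review bot: the @@ -98,79 +98,4 @@ hunk in docs/docbook/faq/errors.xml deletes the "Why can users access home directories of other users?" entry, and with it the guidance to add "valid users = %S" to the [homes] share, without the visible diff showing that text arriving anywhere else. The diffstat is limited to docs/docbook/faq, so please state in the commit message where this guidance now lives, or keep the entry. If it is being relocated, the sentence beginning "Samba does allow the setup you require when you have set the "only user = yes" option on the share, is that you have not set" does not parse and should be rewritten at the destination.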
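
Review bot: the @@ -3,66 +3,6 @@ hunk in docs/docbook/faq/features.xml removes the Nimda entry together with both "veto files" examples (/*.eml/*.nws/riched20.dll/ and /*.{*}/) and the caveat that vetoing riched20.dll can break Office2k administrative installs; nothing in the visible diff re-adds them. Please confirm the destination, and if the text is carried over, fix "Nimba Worm" to "Nimda" and give the translator's ulink a mailto: scheme (url="monyo@samba.gr.jp" is a bare address, while the fax server entry directly below uses url="mailto:zuber@berlin.snafu.de").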
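
Review bot: the @@ -108,106 +25,6 @@ hunk in docs/docbook/faq/install.xml drops the "you appear to have a trapdoor uid system" entry, whose closing note is a security warning rather than troubleshooting trivia: uid 65535 casts to -1, setreuid() ignores a change to -1 without error, and a daemon meant to run as that uid runs as root. That warning should survive the cleanup. Either keep that entry or point to where the /etc/passwd check for uid 65535 or -1 (the "nobody" user in particular) is now documented.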
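
Review bot: in docs/docbook/faq/sambafaq.xml the two hunks remove the config and printing entity declarations and the matching &config; and &printing; references, but the diffstat lists only five changed files and neither config.xml nor printing.xml is among them. If those files exist in docs/docbook/faq they are now unreferenced; delete them in the same commit or say why they stay. The first hunk also adds an empty line between the new DOCTYPE line and the general entity declaration, which looks unintentional.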